reCAPTCHA website security and fraud protection

reCAPTCHA bot protection and online fraud prevention

Protect against fraud and abuse with a modern bot protection and fraud prevention platform

Uplevel your online fraud protection capabilities with a frictionless solution that protects your website and mobile apps against the most sophisticated targeted and scaled attacks.

Features

Advanced bot and online fraud detection

reCAPTCHA leverages a sophisticated and adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps.

Protect against online account takeovers and fraudulent users

Bot mitigation with frictionless user experience

Safeguards your website and mobile applications from abusive traffic without compromising the user experience. reCAPTCHA employs an invisible score-based detection mechanism to differentiate between legitimate users and bots or other malicious attacks.

Online scam protection against SMS toll fraud attacks

Utilizing Google-scale fraud intelligence, reCAPTCHA’s adaptable risk analysis engine assigns a risk score to each phone number, helping organizations to identify those at risk of involvement in SMS toll fraud attacks. This enables organizations to take proactive measures by blocking suspicious SMS messages before they are sent, resulting in significant cost savings.

Protect against fraudulent transactions

Provides a transaction risk score that helps identify and block fraudulent transactions. By merging Google-scale fraud intelligence with our expertise in payment risk and modeling, reCAPTCHA helps secure payment workflows at scale.

Support for any endpoint

Protects your organization from fraud and abuse when dealing with traffic coming from any endpoint. In addition to website security, reCAPTCHA provides native mobile SDKs for iOS and Android. For endpoints that cannot run web JavaScript or mobile SDKs, reCAPTCHA Express can support clients like smart devices and IoT devices.

Online fraud management at Google-scale

Using threat intelligence telemetry from trillions of transactions, billions of users and devices, and millions of websites, reCAPTCHA provides global insights against fraud. These insights power our detection models to help protect from fraudulent activity, spam, and abuse.

Website bot protection coverage for the entire customer journey

Offers comprehensive protection for the entire customer journey, including user-generated content, registration, login, cart, and payment transactions. This integration across various user and payment flows leverages optimized AI/ML models to enhance security.

AI/ML-powered threat detection

Uses a powerful combination of artificial intelligence (AI), machine learning (ML), clustering, and neural networks to uncover the most sophisticated threats. Our AI/ML-driven threat detection is capable of identifying active attacks and uncovering the connections between adversaries and their operations.

Multi-factor authentication

Multi-factor authentication (MFA) with reCAPTCHA offers an enhanced level of security by introducing an additional authentication step for logins and other user flows. This approach helps organizations combat credential stuffing attacks and protect against account takeovers.

Password leak detection

Securely compares passwords against Google's database of over four billion leaked credentials from third-party breaches. If a match is found, you can take actions like warning the user, requiring a password change, and optionally triggering MFA. This helps mitigate account takeover risks from credential stuffing attacks, protecting both user privacy and your site's reputation.

Identify malicious fraudulent accounts

Helps you detect groups of accounts exhibiting suspicious or related behavior. This information enables you to take proactive measures like disabling related accounts, restricting their actions, or implementing additional verification processes to mitigate the impact of malicious actors.

Integrate with your web application firewall (WAF)

Integrates with your existing WAF (web application firewall) to provide enhanced detection and protection at the network edge. This integration works with WAF providers like Google Cloud Armor, Fastly, and Cloudflare. By deploying reCAPTCHA as a service at the WAF layer, you can detect and block abusive traffic before it even reaches your web application's infrastructure.

Comprehensive web app and API protection (WAAP)

Google Cloud's web app and API protection (WAAP) solution combines reCAPTCHA Enterprise, Cloud Armor, and Apigee for powerful protection. reCAPTCHA Enterprise offers advanced bot detection and fraud protection, Cloud Armor acts as a web application firewall (WAF) to block attacks, and Apigee secures your APIs through management and analytics. Together, they provide a multi-layered defense against various web threats.

Adaptive risk-analysis engine

Analyzes a vast array of signals, including user behavior, device information, IP addresses, and historical interaction patterns to assess the risk level associated with a particular action on your site or mobile app. You can fine-tune the risk analysis engine to your site’s specific needs.

Comprehensive risk dashboards

Offers a dashboard with insights and analytics to help you proactively manage bot and fraud risks. The dashboard provides visibility into key metrics like overall risk scores, attack trends, challenge success rates, and the effectiveness of your risk thresholds. It also includes tools for visualizing data over time, and drilling down into suspicious activity patterns.

Cyber monitoring anomaly detection

Within the cloud-based console, you can identify traffic anomalies and leverage platform logs for further investigation. To gain insights into a specific incident, users can click a link that leads to a pre-filtered sample of all logs associated with that particular anomalous event.

Privacy preserving out of the box

reCAPTCHA secures data with client-side storage, anonymization, and privacy technologies. Data gathered is used only for reCAPTCHA's operation and security, not for personalized advertising by Google. See reCAPTCHA Terms of Service for more information.

How It Works

reCAPTCHA is a powerful bot blocker that protects websites from spam, abuse, and fraud. It works by analyzing user behavior and other factors to determine if an action is being performed by a human or a bot. If suspicious activity is detected, reCAPTCHA may take action to prevent unauthorized access, such as presenting a challenge or blocking the interaction altogether. This helps ensure websites stay protected while minimizing interruptions for legitimate users.

Here are three key capabilities:

  • Adaptive risk assessment: analyzes various factors to assess the risk of a user being a bot and adjusts its response accordingly
  • Advanced bot detection: employs sophisticated techniques to distinguish humans from bots, ensuring accurate identification
  • Continuous learning: utilizes machine learning to constantly improve its bot detection accuracy and adapt to new threats

Common Uses

Bot protection

Defend against automated cyber attacks

Cyber bots pose a significant threat across various industries, causing problems like spam, content scraping, account takeovers, fake reviews, and automated resource abuse. This can disrupt customer experience, skew data, and damage brand reputation. reCAPTCHA offers an adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps. By implementing reCAPTCHA, businesses can gain proactive protection against malicious bots, ensuring a more secure and trustworthy online environment for their users.

Top 10 use cases for reCAPTCHA Enterprise to defend against OWASP Web-Automated Attacks

Account protection

Mitigate account takeovers

Account takeover (ATO) attacks are a rising security concern, leading to data breaches, fraudulent transactions, and damage to customer trust. reCAPTCHA helps protect against ATOs by offering a multi-pronged approach. Its risk analysis engine detects suspicious login attempts, while features like Password Leak Detection and the Related Accounts API help identify accounts with compromised credentials or linked to known fraud rings. reCAPTCHA allows for customizable actions based on risk scores, enabling businesses to block fraudulent logins, require additional verification, and proactively protect user accounts.

Google fraud prevention workflow

Fake account protection

Protect against fake account creation

Fake accounts are a major problem for online platforms, enabling spam, abuse, fraud, and the spread of misinformation. reCAPTCHA leverages Google-scale fraud intelligence to pinpoint suspicious behavior patterns associated with bot-driven registration. Using these signals, organizations can deter automated sign-ups while maintaining a smooth experience for genuine users. By implementing reCAPTCHA, businesses can reduce the number of fake accounts, protect legitimate users, and maintain the integrity of their platform.

How fake account creation works

SMS toll fraud protection

Protect against SMS pumping attacks

SMS toll fraud, also known as SMS pumping, is a cybercrime where attackers use bots to trigger mass SMS messages to premium-rate numbers, which leads to fraudulent charges for unsuspecting platforms utilizing SMS for 2FA. Fraudsters profit from the revenue share they receive from the telecom providers. Using Google-scale fraud intelligence, reCAPTCHA SMS Toll Fraud protection can maintain the integrity of SMS-based verification processes and safeguard financial security.

SMS Toll Fraud results for SMS pumping

Transaction protection

Protect against fraudulent transactions

Payment fraud, through tactics like carding and stolen credit card usage, causes significant financial losses and damages customer trust. reCAPTCHA analyzes transaction behavior and signals to identify fraudulent patterns, minimizing friction for good customers and helping businesses mitigate risks like payment disputes and chargebacks. By integrating reCAPTCHA, businesses can proactively protect themselves against payment fraud and enhance the security of their online transactions.

reCAPTCHA Enterprise fraud prevention components

Pricing

reCAPTCHA Pricing

Pricing tiers adjust automatically based on your usage, offering free assessments and advanced features, with higher tiers incurring charges for exceeding usage thresholds.*

| Item | reCAPTCHA Essentials | reCAPTCHA Standard | reCAPTCHA Enterprise |
| --- | --- | --- | --- |
| Cost per month | Free up to 10,000 assessments | Free up to 10,000 assessments; $8 for up to 100,000 assessments | Free up to 10,000 assessments; $8 for up to 100,000 assessments; then $1 per 1,000 assessments |
| Term | None | Monthly | Monthly, yearly, or custom |
| Assessments per month | < 10,000 | 10,000 to 100,000 | Unlimited |
| Multi-factor authentication | No | BYO SMS and email | BYO SMS and email |
| Password defense | No | Yes | Yes |
| Account defense | No | Yes | Yes |
| SMS defense | No | Yes | Yes |
| Payment fraud prevention | No | Yes | Yes |
| Mobile SDKs | No | Yes | Yes |

* Learn how reCAPTCHA billing works.

The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.

Requires an extra assessment.

Get Started for Free

Use reCAPTCHA Essentials for a simple, free solution to safeguard your website against spam and abuse.

Request a Live Demo

Discover how reCAPTCHA boosts your website's security with a personalized interactive demo.

Learn more about reCAPTCHA

Report: SANS reviewed reCAPTCHA Enterprise and evaluated its key features by deploying a sample site within a Google Cloud account and testing several common use cases.

Webinar: Experts from SANS and Google discuss the capabilities of reCAPTCHA Enterprise in detecting and responding to fraud through real-time user behavior analysis.

Webinar: Shielding Your Business from Account-Based Fraud with reCAPTCHA

Webinar: Protect your business from account takeovers with reCAPTCHA

Webinar: Protecting Your Users from Password Leaks with reCAPTCHA

Business Case

GoFundMe: Securing donations from fraud with reCAPTCHA Enterprise

"Combining Google’s rich security expertise with GoFundMe’s focus on fraud prevention is already showing promising results as we strive to keep our platform the safest place to give online."

Matthew Murray, Director of Risk, GoFundMe

Learn how GoFundMe uses reCAPTCHA Enterprise to combat financial fraud, fake accounts, and fake campaigns, ultimately improving donor trust and ensuring that all donations go to those in need.

Frictionless experience

Unlocking millions of dollars in additional funds with a frictionless experience.

Fraud intelligence

Incorporating Google-scale fraud intelligence signals in reCAPTCHA to inform internal ML models.

Transaction protection

Targeting fraudulent payments and mitigating them in real time, while allowing good payments to go through.

How do I access the legacy reCAPTCHA Classic Admin Console?

The Classic Admin Console (formerly on google.com/recaptcha) is now accessible here, and via the "Legacy Admin Console" link in the left navigation. You can also continue to access the console using the same URL; there's no need to update existing bookmarks. All the same functionality is available, and your existing login credentials will still work.

reCAPTCHA is a modern bot protection and fraud prevention platform that protects your website and mobile apps against bots, account takeovers, and fraudulent transactions. Powered by Google-scale fraud intelligence telemetry from trillions of transactions, billions of users and devices, and millions of websites, reCAPTCHA provides global insights against cyber fraud to protect any endpoint across the entire customer journey. And with custom AI models, we ensure organizations can protect against sophisticated cyber threats with zero end user friction.

To get started with reCAPTCHA, create a free account. Subsequently, integrate a few lines of code into your website. Afterward, connect reCAPTCHA to your backend and design assessments. When users engage in actions like user verification or payment processes, reCAPTCHA will assess the user interaction and provide a score. Based on this score, you can determine appropriate actions for your website.

reCAPTCHA provides multiple methods to verify that a user is human, including invisible verification, risk-based scoring, and visual challenges. Since 2020, reCAPTCHA has primarily worked in the background, continuously analyzing user behavior and assigning a risk score. Organizations can then take actions based on the risk score.

Yes, you can integrate reCAPTCHA with various other fraud prevention tools. reCAPTCHA is designed to work alongside existing fraud protection solutions, and by adding reCAPTCHA to your website or mobile app, you gain an additional layer of security that is powered by Google-scale fraud intelligence.

Yes, reCAPTCHA is available for mobile apps through our easy-to-integrate SDKs. The reCAPTCHA mobile SDKs enable you to protect your iOS and Android apps from fraudulent activity, spam, and abuse. By adding a few lines of code, you can use reCAPTCHA to verify user responses and prevent automated tools from accessing your app.

reCAPTCHA protects against bots, website scraping, account takeovers, fake accounts, credential stuffing, payment fraud, card testing, chargebacks, stolen instruments, and gift card testing.

Learn how reCAPTCHA can protect your website